Chinese-linked hackers targeted U.S., Canadian research facilities for a year, Google says
The group used custom malware and Google Workspace compliance rules to steal credentials and route nearly 150 matching emails to an attacker-controlled Gmail account.
- On Monday, Google Threat Intelligence Group reported that Chinese-linked threat actor UNC6508 breached REDCap servers at North American medical and research institutions, stealing sensitive data between September 2023 and November 2025.
- Attackers exploited vulnerable REDCap servers to deploy custom malware called "INFINITERED", which trojanized system files to harvest login credentials and maintain persistent remote access.
- After obtaining administrator access, UNC6508 abused Google Workspace "content compliance rules" to silently BCC-forward emails matching nearly 150 keywords—including military strategy and medical research—to an attacker-controlled Gmail address.
- GTIG disabled the attacker-controlled Gmail account and notified affected organizations across the United States and Canada, though researchers warned the full extent of the campaign remains unknown.
- The operation reflects a broader pattern of state-sponsored actors embedding backdoors in critical infrastructure to intercept research and pre-position for potential sabotage, posing persistent security risks to defense, technology, and medical sectors.
29 Articles
Google says Chinese hackers cracked Workspace security to hit 'a diverse set of national, state, and private medical entities' including research and defense organizations
Google warns of ongoing data theft campaign attributed to Chinese nation-state attacker.
A built-in Google Workspace feature became a Chinese espionage group's favourite exfiltration tool
A Chinese-linked hacking group spent more than a year secretly stealing data from US and Canadian academic, medical and military research institutions, before being detected, Google said on June 15.
Google exposes China espionage group that’s been lurking in networks undetected since 2023
Google threat hunters spotted yet another Chinese state-sponsored espionage group that for years had burrowed into systems belonging to government and private organizations to steal data across academia, medicine, military, cybersecurity and foreign policy. Google Threat Intelligence Group discovered the previously unknown threat group UNC6508, which targeted organizations in the United States and Canada, in late 2025 but traced its earliest kn…
Beijing-Linked Hackers Targeted US, Canadian Research Institutions for Over a Year: Google
A Beijing-linked cyberespionage group spent more than a year infiltrating research institutions across North America before being detected, according to a new report from Google. In a report published on June 15, the Google Threat Intelligence Group said the hacking campaign, which ran from September 2023 through November 2025, primarily targeted academic, medical, and military research organizations in the United States and Canada. According to…
Chinese-linked hackers targeted U.S., Canadian research facilities for a year, Google says
A Chinese-linked hacking group spent more than a year secretly stealing data from U.S. and Canadian academic, medical and military research institutions, before being detected, Google said on Monday.

Coverage Details
Bias Distribution
- 64% of the sources are Center
















